Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

OpenSSH issue

from [Jeff Chapin] Network Security [Permanent Link]
Subject: OpenSSH issue
Date: Thu, 18 Oct 2007 16:49:21 -0500 
Hello,

 

CentOS release 4.5 (Final), with CPanel here. Using a nessus scan with
ssh credentials, I am getting the following as a critical error:

According to its banner, the version of OpenSSH installed on the
remote host contains a race condition that may allow an
unauthenticated remote attacker to crash the service or, on portable
OpenSSH, possibly execute code on the affected host. In addition,
another flaw exists that may allow an attacker to determine the
validity of usernames on some platforms.

 

However, from the linked CVE, and the linked Redhat Errata
(RHSA-2006:0698-8) it appears that this is a corrected issue with a
backported patch. I am not sure that the version I have is NOT
vulnerable, or that I am reading this documentation correctly.

 

Here is some additional info that may be relevant:

 

Installed Packages

openssh.i386                             3.9p1-8.RHEL4.20
installed

 

# ssh -v

OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

 

Thanks!

 

Jeff

 

JEFF CHAPIN 
SYSTEM ADMINISTRATOR 

T8DESIGN.COM | P 319.266.7574 - x267 | 877.T8IDEAS | F 888.290.4675

 


This e-mail, including attachments, is covered by the Electronic
Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential, and
may be legally privileged. If you are not the intended recipient, you
are hereby notified that any retention, dissemination, distribution, or
copying of this communication is strictly prohibited. Please reply to
the sender that you have received the message in error, and then please
delete it. Thank you.

JPEG image

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Using Nessus for PCI, Ron Gula
Next by Date:  Windows info from the registry, Andrew Court
Previous by Thread:  Using Nessus for PCI, Larry Petty
Next by Thread:  Re: OpenSSH issue, Renaud Deraison
Indexes:  [Date] [Thread] [Top] [All Lists]